
How to Study for CompTIA Security+ (SY0-701)

If you want to know how to study for Security+ without wasting weeks on the wrong material, this is a realistic, day-by-day plan for the current SY0-701 exam — what to learn, in what order, and how to make it stick.

First, know what you're up against

The CompTIA Security+ SY0-701 exam has a maximum of 90 questions, a 90-minute time limit, and a passing score of 750 on a 100 to 900 scale. Questions come in two flavors: standard multiple-choice and performance-based questions (PBQs) — interactive tasks where you configure, match, or troubleshoot something in a simulated environment.

The content is split across five domains, and they are not weighted equally:

Domain | Weight
1. General Security Concepts | 12%
2. Threats, Vulnerabilities and Mitigations | 22%
3. Security Architecture | 18%
4. Security Operations | 28%
5. Security Program Management and Oversight | 20%

The takeaway: Domains 2 and 4 alone are half the exam. Don't spread your hours evenly — bias your time toward threats/mitigations and security operations.

CompTIA recommends Network+ plus roughly two years of IT experience in a security or systems administration role. You don't strictly need either, but if you're a career changer, budget extra weeks and extra hands-on practice.

The role of acronyms and ports

Security+ is written almost entirely in shorthand. You'll read SIEM, SOAR, RBAC, EDR and IPSec and be expected to know what each does on sight — CompTIA's official SY0-701 exam objectives include an acronym appendix of roughly 320+ terms. You won't be asked to spell them out, but if you stall on the acronym you can't answer the question.

The same goes for a short list of ports and protocols that show up constantly:

  • TCP: 22 (SSH/SFTP), 25 (SMTP), 80 (HTTP), 443 (HTTPS), 389 (LDAP), 636 (LDAPS), 3389 (RDP)
  • UDP: 67/68 (DHCP), 123 (NTP), 161/162 (SNMP), 514 (Syslog)
  • Both: 53 (DNS)

Learn the acronyms and ports early and continuously, not in a panic the night before. They are background knowledge that makes every other topic faster to read.

A realistic week-by-week study plan

This assumes 1 to 2 hours a day over roughly 8 weeks. Compress it if you have Network+ or hands-on experience; stretch it if you're starting cold.

Week 1 — Foundations (Domain 1). Get the vocabulary of security: the CIA triad (Confidentiality, Integrity, Availability), AAA (Authentication, Authorization, Accounting), security controls (preventive, detective, corrective), and the difference between threat, vulnerability and risk. Start your acronym deck now and review it daily for the rest of the plan.

Week 2 — Cryptography and PKI. Symmetric vs asymmetric, hashing (SHA, HMAC), AES, RSA, digital signatures, certificates, and PKI (Public Key Infrastructure) with CA, CRL and OCSP. This is dense; expect to revisit it.

Weeks 3 to 4 — Threats, Vulnerabilities and Mitigations (Domain 2, 22%). Malware types, social engineering, attack vectors, the vulnerability lifecycle, and mitigation techniques. This is the single most-weighted slice of pure content — give it two full weeks.

Week 5 — Security Architecture (Domain 3). Network design, zero trust, secure protocols, cloud and virtualization concepts, resilience, and data protection (encryption at rest/in transit, DLP). Pull your ports list back out here.

Week 6 — Security Operations (Domain 4, 28%). The biggest domain. Identity and access management (IAM, MFA, SSO, RBAC), monitoring with SIEM and SOAR, vulnerability scanning, incident response, and digital forensics. Heavy on PBQ-style scenarios.

Week 7 — Governance, Risk and Compliance (Domain 5). Policies, the risk management process, third-party/vendor risk, compliance, audits, and business continuity terms: RTO, RPO, MTTR, MTBF, BIA. Lots of definitions — perfect for spaced repetition.

Week 8 — Practice exams and weak spots. Stop learning new material. Take full-length timed practice exams, review every wrong answer until you understand why, and re-drill the acronyms and ports you keep missing. Aim to consistently score in the 80s on practice tests before booking.

Resources that actually work

You don't need to buy everything. A lean, effective stack:

  • The official SY0-701 exam objectives PDF (free from CompTIA) — your master checklist, including the acronym appendix. Tick off every bullet.
  • One core course or book — a well-reviewed video course or study guide aligned to SY0-701. Pick one and finish it; don't collect five.
  • A quality practice-exam bank — practice PBQs and questions written for SY0-701, not an older version.
  • Hands-on or lab time — even a free virtual machine, Wireshark, or a cloud trial makes abstract concepts concrete.
  • A flashcard/spaced-repetition tool — for the acronyms, ports, and quick-recall facts.

Don't fear the performance-based questions

PBQs intimidate people, but they're predictable. They cluster around firewall/ACL rule ordering, matching attacks to mitigations, configuring secure settings, and reading log output. Three rules:

  1. Do them last. PBQs usually appear first and eat time. Flag them, clear the multiple-choice questions, then return with the clock pressure gone.
  2. Practice a handful beforehand so the interface and format aren't a surprise on test day.
  3. Partial credit exists on many PBQs — answer every part you can rather than leaving it blank.
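Rule-ordering PBQs come down to one idea: the first matching rule wins, and anything unmatched hits an implicit deny. The Python sketch below is an added example, not part of the original guide; the ruleset, addresses and function names are constructed for illustration and assume first-match evaluation as used by typical firewall ACLs.

```python
from ipaddress import ip_address, ip_network

# Constructed ruleset: (action, protocol, source CIDR, destination port or None = any port)
RULES = [
    ("deny",  "tcp", "0.0.0.0/0",   3389),  # block RDP from everywhere
    ("allow", "tcp", "10.0.5.0/24", 22),    # SSH from the admin subnet only
    ("deny",  "tcp", "0.0.0.0/0",   None),  # broad deny of all remaining TCP
    ("allow", "tcp", "0.0.0.0/0",   443),   # HTTPS allow placed too late to ever fire
    ("allow", "udp", "10.0.0.0/8",  53),    # internal DNS
]
# Same rules with the HTTPS allow moved above the broad deny.
FIXED = [RULES[0], RULES[1], RULES[3], RULES[2], RULES[4]]


def matches(rule, proto, src, port):
    """True when the packet's protocol, source and port fall inside the rule."""
    _, r_proto, r_src, r_port = rule
    return (r_proto == proto
            and ip_address(src) in ip_network(r_src)
            and r_port in (None, port))


def evaluate(rules, proto, src, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    for index, rule in enumerate(rules):
        if matches(rule, proto, src, port):
            return rule[0], index
    return "deny", None


def shadowed(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for j, (_, proto_j, src_j, port_j) in enumerate(rules):
        for _, proto_i, src_i, port_i in rules[:j]:
            if (proto_i == proto_j
                    and ip_network(src_j).subnet_of(ip_network(src_i))
                    and port_i in (None, port_j)):
                hidden.append(j)
                break
    return hidden


if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "203.0.113.7", 443), shadowed(RULES))
    print(evaluate(FIXED, "tcp", "203.0.113.7", 443), shadowed(FIXED))
```

When a PBQ hands you a list of rules, walk a sample packet down it exactly as `evaluate` does, and check that no specific allow sits below a broader deny.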

Exam-day tips

  • Sleep beats cramming. A tired brain misreads "least" as "most."
  • Read each question fully — Security+ loves the words BEST, MOST likely, and FIRST. The wrong-but-tempting answer is usually there on purpose.
  • Skip-and-flag anything that stalls you; never let one question burn five minutes.
  • Eliminate obviously wrong options first to turn a guess into a coin flip.
  • Trust your first instinct unless you find a concrete reason to change it.

Lock it in

A study plan only works if the facts are still there on exam day. The two techniques that beat re-reading are active recall (quizzing yourself) and spaced repetition (reviewing each item right before you'd forget it). That's exactly what CompTIA Acronyms+ is built for: it ships a full SY0-701 acronym set of 334 entries — covering CompTIA's official appendix and then some — with definitions, an exam mode, and an SM-2 spaced-repetition engine that schedules the hard acronyms back more often and lets the easy ones fade. Drill 10 minutes a day alongside this plan, and the acronyms — plus the ports behind them — turn into automatic, free points instead of a night-before scramble.
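To show how SM-2 brings hard items back sooner and pushes easy ones further out, here is an added example that is not the app's code or part of the original guide. It follows a common reading of the published SM-2 algorithm; the `Card` class, function names and recall grades are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Card:
    term: str
    reps: int = 0       # consecutive successful recalls
    interval: int = 0   # days until the next review
    ease: float = 2.5   # SM-2 easiness factor, never allowed below 1.3


def review(card, quality):
    """Apply one SM-2 review; quality runs from 0 (blackout) to 5 (perfect recall)."""
    if not 0 <= quality <= 5:
        raise ValueError("quality must be between 0 and 5")
    if quality < 3:
        # Failed recall: restart the sequence and show the card again tomorrow.
        card.reps = 0
        card.interval = 1
    else:
        card.reps += 1
        if card.reps == 1:
            card.interval = 1
        elif card.reps == 2:
            card.interval = 6
        else:
            # Later intervals grow by the ease the card had before this review.
            card.interval = round(card.interval * card.ease)
    # Ease update from the SM-2 formula; in this variant it runs on every review.
    miss = 5 - quality
    card.ease = max(1.3, card.ease + 0.1 - miss * (0.08 + miss * 0.02))
    return card


def intervals(term, grades):
    """Review one new card with each grade in turn; return the interval after each."""
    card = Card(term)
    return [review(card, q).interval for q in grades]


if __name__ == "__main__":
    # Constructed grades: SIEM recalled perfectly, OCSP barely, then forgotten.
    print("SIEM", intervals("SIEM", [5, 5, 5]))
    print("OCSP", intervals("OCSP", [3, 3, 3, 1]))
```

After three reviews the easy card is 16 days out while the shaky one is at 13, and a single failed recall drops it back to a next-day review.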
